Skip to content

Instantly share code, notes, and snippets.

@rosskevin

rosskevin/use Secret

Created March 22, 2019 19:18
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
#!/usr/bin/env bash
# NOTE!!! use the dot space execution so var export takes effect on parent:
# . ./use development
if [ $# -eq 0 ]; then
echo "Usage: $0 <identity-stack-name>"
echo " First argument should be the name of your GCP identity stack"
exit 1
fi
# wipeout old config so we don't have any issues picking out the token for dashboard - this is hacky and could be fixed
rm -f $HOME/.kube/config
REGION=`pulumi stack output region --stack $1`
ZONE=`pulumi stack output zone --stack $1`
CLUSTER_NAME=`pulumi stack output clusterName --stack $1`
# GOOGLE_CLOUD_ACCOUNT must be in the ~/.zshrc
export GOOGLE_CLOUD_PROJECT=`pulumi stack output project --stack $1`
echo -e "Using the ${GOOGLE_CLOUD_PROJECT} environment with user account ${GOOGLE_CLOUD_ACCOUNT}"
# Create a config for project (so we can activate it by name) - may complain
gcloud config configurations create ${GOOGLE_CLOUD_PROJECT} --quiet
# set the project id globally so we don't have to keep specifying it
gcloud config set project ${GOOGLE_CLOUD_PROJECT}
# set primary region, zone, account
# gcloud config set container/use_client_certificate true
gcloud config unset container/use_client_certificate
gcloud config set compute/region ${REGION}
gcloud config set compute/zone ${ZONE}
# set primary region, zone, account
# gcloud config set account ${GOOGLE_CLOUD_ACCOUNT}
# or gcloud config configurations describe ${GOOGLE_CLOUD_PROJECT}
# alternative auth by service key
# gcloud auth activate-service-account --key-file /path/to/your/key.json
#
## note gcloud and kubectl can operate on different contexts, so switch both
gcloud config configurations activate ${GOOGLE_CLOUD_PROJECT}
# show the active config
gcloud config list
echo -e "\n"
# Get kubectl ready by getting GKE credentials for the project. This will insert auth data and project info in ~/.kube/config
gcloud container clusters get-credentials ${CLUSTER_NAME} --zone ${ZONE} --project ${GOOGLE_CLOUD_PROJECT}
# show the current project, zone and cluster
kubectl config current-context
# show the active gcloud config
gcloud config list
kubectl get nodes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment